[Cryptography] The Crypto Pi

Ralf Senderek crypto at senderek.ie
Mon Jan 26 13:59:08 EST 2015


On Mon, 26 Jan 2015 14:12:29 iang wrote:

>  On 25/01/2015 16:35 pm, Ralf Senderek wrote:
> 
> >  When I read bytes from /dev/random with dd and immediately check this
> >  file again, n bits are missing as a result of the read operation.
> >  So, IMHO, the whole system now has less entropy to feed to /dev/random.
> >  Am I wrong, when I assume that if the content of entropy_avail drops to
> >  zero, /dev/random is supposed to block?
> 
>
>  Once upon a time, it might have meant that.  Now it doesn't.
>
>  What it "means" is more to do with whatever is implemented by the primary
>  unix system you are using, and
>  as it happens, Linux and BSD do differently.  So meaning is out the window,
>  we're back to implementation.
>
>  My advice:  applications should use /dev/urandom.

I won't follow your advice, because for the Crypto Pi I want high-quality
keys with a reliable amount of entropy in each of them, not only
pseudo-random numbers. From which source I can draw the keys is unclear
at the moment, because /dev/random seems to work very differently on
the platforms in question. But without a reliable measurement of the
randomness there is no answer whether the key is good enough or not.
I'm not convinced that the entropy-avail file is entirely useless, though.

I agree that we're in implementation land already, and in the end we
have to assess a working system and not a mathematical notion.


     --Ralf
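
Added example, not part of the original message: a Python sketch of the measurement described in the quoted text, reading the kernel's entropy estimate before and after a read from /dev/random and reporting the change. The read is opened non-blocking so that a device that would block shows up as a short or empty read instead of a hang. The function names are hypothetical, the /proc path is the Linux location of entropy_avail, and the numbers returned depend on the platform and kernel.

```python
import os

# Assumed defaults: the Linux counter and the device discussed in the thread.
POOL = "/proc/sys/kernel/random/entropy_avail"
DEVICE = "/dev/random"


def entropy_avail(path=POOL):
    """Return the kernel's current entropy estimate in bits."""
    with open(path) as f:
        return int(f.read().strip())


def nonblocking_read(nbytes, device=DEVICE):
    """Read up to nbytes without blocking; return b'' if the device would block."""
    fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    try:
        return os.read(fd, nbytes)
    except BlockingIOError:
        # EAGAIN: a blocking read would have stalled here.
        return b""
    finally:
        os.close(fd)


def measure(nbytes, pool=POOL, device=DEVICE):
    """Sample the estimate, read nbytes, sample again, and report the change."""
    before = entropy_avail(pool)
    data = nonblocking_read(nbytes, device)
    after = entropy_avail(pool)
    return {
        "requested_bits": nbytes * 8,
        "delivered_bits": len(data) * 8,
        "before": before,
        "after": after,
        "estimate_drop": before - after,
        # True when the device handed back fewer bytes than requested.
        "short_read": len(data) < nbytes,
    }


if __name__ == "__main__":
    for n in (16, 32, 64):
        print(n, measure(n))
```

Running it on each target platform shows whether the estimate moves with reads there, which is the implementation-dependent behaviour the thread is arguing about.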

